Date: Wed, 6 Jul 2005 14:11:40 +0800
From: "fooler" <fooler@skyinet.net>
To: "Jesper Wallin" <jesper@hackunite.net>, Dag-Erling Smørgrav <des@des.no>
Cc: freebsd-security@freebsd.org, Darren Reed <avalon@caligula.anu.edu.au>
Subject: Re: packets with syn/fin vs pf_norm.c
Message-ID: <107901c581f1$933e4400$42764eca@ilo.skyinet.net>
References: <200507051428.j65ESjJu001522@caligula.anu.edu.au><42CAA478.7010806@hackunite.net> <86br5gpk72.fsf@xps.des.no>

----- Original Message -----
From: "Dag-Erling Smørgrav" <des@des.no>
To: "Jesper Wallin" <jesper@hackunite.net>
Cc: <freebsd-security@freebsd.org>; "Darren Reed" <avalon@caligula.anu.edu.au>
Sent: Wednesday, July 06, 2005 1:39 PM
Subject: Re: packets with syn/fin vs pf_norm.c

> The TCP_DROP_SYNFIN option should be removed; it has long outlived its
> original purpose (which was to prevent nmap identification of IRC
> servers which didn't run ipfw for performance reasons, back in the 3.0
> days)

I vote not to remove it, because it is just an option there, whether you want it or not, for added protection against OS fingerprinting... Standard TCP is more widely used than T/TCP, and most (or all) TCP modules are not combining the SYN + FIN flags in a TCP datagram for a normal TCP transaction...

fooler.
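
The flag combination discussed in this message, as an added example that is not part of the thread and is not FreeBSD or pf source: a userland classifier that reads the TCP flag byte of a raw IPv4 packet and reports segments carrying both SYN and FIN. The names `classify_ipv4`, `build_packet` and the `V_*` verdicts are hypothetical, and the sample packets are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* TCP flag bits as laid out in byte 13 of the TCP header (RFC 793). */
#define F_FIN 0x01
#define F_SYN 0x02
enum verdict { V_PASS = 0, V_SYNFIN = 1, V_NOT_TCP = 2, V_MALFORMED = 3 };

/* Classify one raw IPv4 packet; p points at the first byte of the IP header. */
enum verdict classify_ipv4(const uint8_t *p, size_t len)
{
    if (len < 20 || (p[0] >> 4) != 4)
        return V_MALFORMED;
    size_t ihl = (size_t)(p[0] & 0x0f) * 4;   /* IP header length in bytes */
    if (ihl < 20 || len < ihl)
        return V_MALFORMED;
    if (p[9] != 6)                             /* protocol 6 = TCP */
        return V_NOT_TCP;
    /* A non-first fragment carries no TCP header, so there are no flags to read. */
    if ((((unsigned)p[6] & 0x1f) << 8 | p[7]) != 0)
        return V_PASS;
    if (len < ihl + 14)                        /* truncated before the flag byte */
        return V_MALFORMED;
    uint8_t flags = p[ihl + 13];
    if ((flags & (F_SYN | F_FIN)) == (F_SYN | F_FIN))
        return V_SYNFIN;                       /* both bits set in one segment */
    return V_PASS;
}

/* Constructed sample: only the fields the classifier reads are filled in. */
static void build_packet(uint8_t out[40], uint8_t flags)
{
    memset(out, 0, 40);
    out[0] = 0x45;          /* version 4, IHL 5 (20-byte IP header) */
    out[9] = 6;             /* protocol: TCP */
    out[20 + 12] = 0x50;    /* TCP data offset 5 */
    out[20 + 13] = flags;   /* TCP flag byte */
}

int main(void)
{
    uint8_t pkt[40];
    build_packet(pkt, F_SYN);
    printf("SYN only: verdict %d\n", classify_ipv4(pkt, sizeof pkt));
    build_packet(pkt, F_SYN | F_FIN);
    printf("SYN+FIN : verdict %d\n", classify_ipv4(pkt, sizeof pkt));
}
```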